Device Proliferation, BYOD, and Security

It started with the iPhone and really picked up with the iPad. Silver-haired gents in corner offices brought their new precious to IT and asked to “get on the network” or “get their email on this.” In the past, IT was able to mumble something about unsupported devices and how a random user who brought a random device was out of luck. After all, they had tested solutions in place, nice things like Windows Mobile and BlackBerry, solutions that worked well with Enterprise infrastructure. These new things might be better at Angry Birds or Plants vs. Zombies, but the whole BYOD/Enterprise interaction was an unknown and thus a threat and a risk. The poor IT guys got trumped, though: the silver-haired guys said jump, and eventually the answer changed from “not supported” to a more career-preserving “how high?”

Of course, this left challenges. Sure, many BYOD devices support ActiveSync, and thus an IT group running Exchange may be able to remotely lock/wipe the device, enforce password requirements and even require on-device encryption, but there is only so much you can do with the useful but limited device management capabilities that come with Exchange.

Mobile Device Management, in this context sometimes called Enterprise device management, enables things that help make devices enterprise-friendly, such as password management, inventory management, remote lock/wipe, software distribution, etc. These things help, but there are still challenges.

For example, Joe Worker leaves a company. With an Enterprise-owned device, wiping the device is an easy call: boom, done. However, with an employee-liable device, wiping the phone will not only wipe whatever corporate email was on the device, but also wipe personal data and in some cases even render the device unconfigured and unable to connect to the data network until someone goes in and reconfigures the APN and other settings.

One way out, an approach that is growing in mindshare and feasibility, is virtualization. Instead of putting corporate data on an employee-owned machine, put a corporate virtual machine, already configured and secured, on the employee machine. When the employee leaves the company, the VM leaves the personal device. POOF! Corporate stuff is gone, but personal stuff remains.
